author | andre.schmid <andre.schmid@est.tech> | 2019-11-04 13:59:28 +0000 |
---|---|---|
committer | Ojas Dubey <Ojas.Dubey@amdocs.com> | 2019-11-06 06:52:38 +0000 |
commit | 9056ae7b51532ef185164aefe2fccaeabed6946c (patch) | |
tree | a5e0df6c284fc584f61c9d0c242feec90cbe689b /common-app-api | |
parent | 1e61754c29fc99636de692a0fb9d2ef1a4ba9e61 (diff) |
Fix sonarqube issues introduced by ZipSlip change
Fix major and critical sonarqube issues introduced by ZipSlip change
id I721f3d44b34fe6d242c9537f5a515ce1bb534c9a
Change-Id: I3aa2cd4116936d715baba99a38d43aa40fd62a29
Issue-ID: SDC-1401
Signed-off-by: andre.schmid <andre.schmid@est.tech>
Diffstat (limited to 'common-app-api')
-rw-r--r-- | common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java | 47 |
1 files changed, 27 insertions, 20 deletions
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java b/common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java index d90377fc88..25f85badef 100644 --- a/common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java +++ b/common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java @@ -75,8 +75,8 @@ public class ZipUtils { String canonicalPath = null; try { canonicalPath = file.getCanonicalPath(); - } catch (final IOException ignored) { - //ignored + } catch (final IOException ex) { + LOGGER.debug("Could not get canonical path of file '{}'", file.getPath(), ex); } if (canonicalPath != null && !canonicalPath.equals(file.getAbsolutePath())) { throw new ZipSlipException(filePath.toString()); @@ -170,26 +170,10 @@ public class ZipUtils { final Map<String, byte[]> filePathAndByteMap = new HashMap<>(); try (final ZipInputStream inputZipStream = ZipUtils.getInputStreamFromBytes(zipFileBytes)) { - byte[] fileByteContent; - String currentEntryName; ZipEntry zipEntry; while ((zipEntry = inputZipStream.getNextEntry()) != null) { - checkForZipSlipInRead(zipEntry); - currentEntryName = zipEntry.getName(); - fileByteContent = getBytes(inputZipStream); - if (zipEntry.isDirectory()) { - if (hasToIncludeDirectories) { - filePathAndByteMap.put(normalizeFolder(currentEntryName), null); - } - } else { - if (hasToIncludeDirectories) { - final Path parentFolderPath = Paths.get(zipEntry.getName()).getParent(); - if (parentFolderPath != null) { - filePathAndByteMap.putIfAbsent(normalizeFolder(parentFolderPath.toString()), null); - } - } - filePathAndByteMap.put(currentEntryName, fileByteContent); - } + filePathAndByteMap + .putAll(processZipEntryInRead(zipEntry, getBytes(inputZipStream), hasToIncludeDirectories)); } } catch (final IOException e) { LOGGER.warn("Could not close the zip input stream", e); 
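Review bot: The catch around `file.getCanonicalPath()` still lets the ZipSlip check fail open. When the call throws, `canonicalPath` stays null and the following `if (canonicalPath != null && ...)` is skipped, so the path is accepted without the comparison having run. Logging this at debug level makes that outcome easy to miss in production. If an unresolvable path should count as unsafe, reject it in the catch, e.g. `throw new ZipSlipException(filePath.toString());`, or at least log at warn. The enclosing method starts and ends outside this hunk, so whether a later check covers this case cannot be confirmed from here.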
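Review bot: In the rewritten `while` loop, `getBytes(inputZipStream)` is evaluated as an argument before `processZipEntryInRead` reaches `checkForZipSlipInRead(zipEntry)`. An entry's content is therefore buffered in memory before its name is validated, whereas the removed code checked first. Keeping `checkForZipSlipInRead(zipEntry);` as the first statement of the loop body restores that order and rejects a bad entry without reading it. Separately, the catch below labels any `IOException` from `getNextEntry()` or `getBytes` as "Could not close the zip input stream", after which the partially filled map appears to be returned. A message such as `"Could not read the zip input stream"` would describe the failure more accurately. The method begins outside this hunk.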
@@ -198,6 +182,29 @@ public class ZipUtils { return filePathAndByteMap; } + private static Map<String, byte[]> processZipEntryInRead(final ZipEntry zipEntry, + final byte[] inputStreamBytes, + final boolean hasToIncludeDirectories) throws ZipException { + final Map<String, byte[]> filePathAndByteMap = new HashMap<>(); + checkForZipSlipInRead(zipEntry); + if (zipEntry.isDirectory()) { + if (hasToIncludeDirectories) { + filePathAndByteMap.put(normalizeFolder(zipEntry.getName()), null); + } + return filePathAndByteMap; + } + + if (hasToIncludeDirectories) { + final Path parentFolderPath = Paths.get(zipEntry.getName()).getParent(); + if (parentFolderPath != null) { + filePathAndByteMap.putIfAbsent(normalizeFolder(parentFolderPath.toString()), null); + } + } + filePathAndByteMap.put(zipEntry.getName(), inputStreamBytes); + + return filePathAndByteMap; + } + /** * Adds a {@link File#separator} at the end of the folder path if not present. * |
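Review bot: `putIfAbsent` in `processZipEntryInRead` no longer guards anything, because it runs against a map that was created empty a few lines earlier. The caller then merges the result with `putAll`, which overwrites existing keys. Folder values are null on both paths, so the outcome is probably unchanged today, but the code reads as if it preserved earlier entries when it does not. Either write `filePathAndByteMap.put(normalizeFolder(parentFolderPath.toString()), null);` here, or pass the caller's map into the helper so `putIfAbsent` keeps its meaning. A short Javadoc on the helper would also help, stating that it runs the ZipSlip check and returns at most the parent-folder entry plus the file entry.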